Here it is - 2 bits again
Note "C:\exploser.exe" - this was the renamed explorer.exe file I put on in the early stages to get access to the drives - did it get infected?
When ComboFix started, it reported a later version was available. I didn't download it as I wasn't sure of the possible results if I didn't rename it as Combo-Fix (the text file had already been dropped in).
ComboFix 09-09-07.03 - Emma Thomson 08/09/2009 16:47.2.1 - NTFSx86
Running from: f:\malware tools\Combo-Fix.exe
Command switches used :: f:\malware tools\CFScript.txt
* Created a new restore point
FILE ::
"C:\exploser.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autoruns
c:\autoruns\arun.pif
c:\autoruns\autoruns.chm
c:\autoruns\autoruns.exe
c:\autoruns\Autoruns.zip
c:\autoruns\autorunsc.exe
C:\autorunsc
C:\exploser.exe
.
--------------- FCopy ---------------
c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 )))))))))))))))))))))))))))))))
.
2009-09-08 15:48 . 2009-09-08 15:48 -------- d-----w- c:\windows\LastGood
2009-09-08 15:47 . 2004-08-04 00:56 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-09-08 15:47 . 2004-08-04 00:56 55808 ----a-w- c:\windows\system32\eventlog.dll
2009-09-07 12:49 . 2009-09-07 12:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-09-07 09:37 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 09:37 . 2009-09-07 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 09:37 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-03 12:49 . 2007-06-13 10:23 1033216 -c--a-w- c:\windows\system32\dllcache\explorer.exe
2009-09-03 12:49 . 2007-06-13 10:23 1033216 ------w- c:\windows\explorer.exe
2009-09-01 15:34 . 2009-09-01 15:42 -------- d--h--w- c:\windows\PIF
2009-09-01 14:33 . 2009-09-01 14:33 25424 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 12:26 . 2009-09-01 12:26 -------- d-----w- c:\documents and settings\Papa\Local Settings\Application Data\Apple Computer
2009-09-01 12:26 . 2009-09-01 12:26 -------- d-----w- c:\documents and settings\Papa\Local Settings\Application Data\Conduit
2009-09-01 12:26 . 2009-09-01 12:26 -------- d-----w- c:\documents and settings\Papa\Application Data\Yahoo!
2009-08-29 19:13 . 2009-08-29 19:13 -------- d-----w- c:\documents and settings\Jack\Local Settings\Application Data\Conduit
2009-08-29 19:11 . 2009-08-29 19:11 -------- d-----w- c:\documents and settings\Jack\Application Data\Yahoo!
2009-08-23 14:51 . 2009-08-23 14:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-12 18:41 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 13:00 . 2005-04-20 14:39 -------- d-----w- c:\program files\Yahoo!
2009-09-07 12:53 . 2005-07-07 13:58 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!
2009-09-07 12:45 . 2006-06-19 20:35 -------- d-----w- c:\program files\WildGames
2009-09-02 18:20 . 2008-11-10 18:20 -------- d-----w- c:\program files\MeBigBoot
2009-09-01 17:35 . 2009-06-04 12:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-01 15:36 . 2008-11-11 10:52 -------- d-----w- c:\program files\Spyware Doctor
2009-08-25 17:14 . 2006-06-12 12:01 -------- d-----w- c:\program files\Diner Dash 2
2009-08-25 17:13 . 2006-04-16 19:27 -------- d-----w- c:\program files\PlayFirst
2009-08-25 17:11 . 2007-09-20 19:00 -------- d-----w- c:\program files\DeliciousDeluxe2_at
2009-08-25 17:09 . 2005-11-05 21:10 -------- d-----w- c:\program files\Yahoo! Games
2009-08-25 17:08 . 2006-05-16 16:01 -------- d-----w- c:\documents and settings\Emma Thomson\Application Data\PlayFirst
2009-08-25 17:08 . 2006-05-16 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-08-25 17:07 . 2006-07-30 18:34 -------- d-----w- c:\program files\GameHouse
2009-08-25 17:05 . 2006-04-30 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games
2009-08-25 17:04 . 2007-09-05 15:48 -------- d-----w- c:\program files\BurgerIsland_at
2009-08-25 10:36 . 2007-09-11 20:25 -------- d-----w- c:\program files\BellesBeautyBoutique_at
2009-08-18 15:35 . 2004-12-26 12:42 25424 ----a-w- c:\documents and settings\Emma Thomson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-09 12:41 . 2009-08-09 12:41 -------- d-----w- c:\program files\MSBuild
2009-08-09 12:40 . 2009-08-09 12:40 -------- d-----w- c:\program files\Reference Assemblies
2009-08-09 12:24 . 2009-08-09 12:24 -------- d-----w- c:\program files\MSXML 6.0
2009-08-05 09:11 . 2002-12-11 23:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 15:03 . 2009-02-27 22:04 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-01 10:32 . 2007-04-23 01:39 -------- d-----w- c:\program files\LimeWire
2009-08-01 10:27 . 2009-08-01 10:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-01 10:27 . 2007-04-23 01:40 -------- d-----w- c:\program files\Java
2009-07-24 16:02 . 2005-03-16 10:41 25424 ----a-w- c:\documents and settings\archie thomson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-17 18:55 . 2004-10-01 06:51 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 17:20 . 2009-07-15 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-15 17:15 . 2009-06-04 12:44 -------- d-----w- c:\program files\Norton Security Scan
2009-07-15 17:08 . 2009-07-15 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-07-15 17:07 . 2009-07-15 17:07 -------- d-----w- c:\program files\NortonInstaller
2009-07-15 17:07 . 2009-07-15 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-07-13 22:43 . 2004-12-26 12:33 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 18:00 . 2007-09-05 15:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-29 16:12 . 2004-02-06 18:05 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-12-26 12:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-10-01 06:51 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:44 . 2004-10-01 06:52 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-10-01 06:52 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-10-01 06:52 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-10-01 06:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2004-10-01 06:52 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-10-01 06:52 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:34 . 2004-10-01 06:52 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2004-10-01 06:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-10-01 06:52 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 11:50 . 2004-10-01 06:52 76288 ----a-w- c:\windows\system32\telnet.exe
2005-11-04 18:17 . 2005-11-04 18:17 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-09-05 17:00 . 2006-07-30 18:34 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\windows\explorer.exe ---
Company: Microsoft Corporation
File Description: Windows Explorer
File Version: 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
Product Name: Microsoft Windows Operating System
Copyright: Microsoft Corporation. All rights reserved.
Original Filename: EXPLORER.EXE
File size: 1033216
Created time: 2009-09-03 12:49
Modified time: 2007-06-13 10:23
MD5: 97BD6515465659FF8F3B7BE375B2EA87
SHA1: 972307A3EF93680AFDD03603DF20F2241047A934